[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRbVO0yNt5xkKckCyBH88LXgtpmod41AyzqHQIEKeKEw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":144,"fingerprints":381},"onesignal-sender","OneSignal Sender","1.4","marcbousleiman","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcbousleiman\u002F","\u003Cp>This plugin is an addon to OneSignal – Free Web Push Notifications that gives the user the ability to control (Send, Schedule, Check, Cancel) Notifications from the WP dashboard.\u003Cbr \u002F>\nAs well as check App’s info, users info, and users overview.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Copyrights: \u003Ca href=\"http:\u002F\u002Ftrianglemena.com\" rel=\"nofollow ugc\">Triangle Mena\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Overview page\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>APP’s info\u003C\u002Fli>\n\u003Cli>Users info\u003C\u002Fli>\n\u003Cli>Latest 50 subscribed Users overview (with details)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Send Notifications page\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send immediate notifications to all subscribed users\u003C\u002Fli>\n\u003Cli>Schedule notifications on a specific date and time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Scheduled Notifications page\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check out your scheduled notifications\u003C\u002Fli>\n\u003Cli>Cancel any of the scheduled notifications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Sent Notifications page\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check out your sent notifications (with details)\u003C\u002Fli>\n\u003Cli>Check out the statistics for 
every single notification (Delivery Statistics – Conversion Statistics)\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin is an addon to OneSignal - Free Web Push Notifications that gives the user the ability to control (Send, Schedule, Check, Cancel) Notifica &hellip;",400,14307,60,6,"2019-05-27T13:12:00.000Z","5.2.24","3.8.0","",[20,21,22,23],"backend","dashboard","onesignal","web-push-notifications","http:\u002F\u002Fmarcbousleiman.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonesignal-sender.1.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-04-04T08:32:18.520Z",[37,59,80,107,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"admin-customizer","Admin Customizer","2.2.7","Nilambar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fnilambar\u002F","\u003Cp>This plugin allows you to customize admin interface of your WordPress site. 
Several options are available in a single plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change logo in admin header\u003C\u002Fli>\n\u003Cli>Custom CSS style for Admin and Login pages\u003C\u002Fli>\n\u003Cli>Hide update nagging bar\u003C\u002Fli>\n\u003Cli>Replace ‘Howdy’ with your own text\u003C\u002Fli>\n\u003Cli>Rearrange Logout menu\u003C\u002Fli>\n\u003Cli>Confirmation on Logout\u003C\u002Fli>\n\u003Cli>Hide WordPress Default Dashboard widgets\u003C\u002Fli>\n\u003Cli>Add new custom widget in Dashboard\u003C\u002Fli>\n\u003Cli>Hide or customize admin footer\u003C\u002Fli>\n\u003Cli>Change logo in Login page\u003C\u002Fli>\n\u003Cli>Add background image in your Login page\u003C\u002Fli>\n\u003Cli>Set maximum number of Revisions or disable completely\u003C\u002Fli>\n\u003Cli>Change Default Email address and Name for sending emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you like this plugin, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fadmin-customizer\u002Freviews\u002F\" rel=\"ugc\">rate and review\u003C\u002Fa>.\u003C\u002Fp>\n","A plugin for customizing your admin panel.",1000,35342,98,16,"2023-08-15T09:49:00.000Z","6.3.8","4.9","5.6",[54,20,55,56,21],"admin","customization","customize","https:\u002F\u002Fwww.nilambar.net\u002F2013\u002F11\u002Fadmin-customizer-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-customizer.2.2.7.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":77,"download_link":78,"security_score":79,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"dashboard-notes","Dashboard 
Notes","1.0.3","MIGHTYminnow","https:\u002F\u002Fprofiles.wordpress.org\u002Fmightyminnow\u002F","\u003Cp>\u003Cstrong>The plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F\" rel=\"ugc\">Classic Widgets\u003C\u002Fa> is needed (this plugin doesn’t work with Gutenberg).\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with PHP 8.2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdashboard-notes\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Dashboard Notes lets you create super simple notes and instructions for your clients within the WordPress dashboard. Choose the color of the notification, whether or not to include a logo, and exactly what pages to include the notification on (uses simple URL matching).\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install the Dashboard Notes.\u003C\u002Fli>\n\u003Cli>Go to Appearance > Widgets where you will see a new “Dashboard Notes” sidebar.\u003C\u002Fli>\n\u003Cli>To create a note, simply drag a new widget into the sidebar and give it some content (we typically use a text\u002FHTML widget).\u003C\u002Fli>\n\u003Cli>Once you’ve added content to the widget, click save, and the Dashboard Notes settings for this widget will appear.\u003C\u002Fli>\n\u003Cli>Adjust the settings to meet your needs, and click save when you’re done.\u003C\u002Fli>\n\u003Cli>Refresh, or navigate to any page to see your new note in action.\u003C\u002Fli>\n\u003Cli>Use the plugin settings found via \u003Cstrong>Settings > Dashboard Notes\u003C\u002Fstrong> to choose which user roles can\u002Fcan’t see the notices.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Special thanks to \u003Ca 
href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fkasparsd\u002F\" rel=\"nofollow ugc\">Kaspars Dambis\u003C\u002Fa> for his work on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-context\u002F\" rel=\"ugc\">Widget Context\u003C\u002Fa> – much of this project is based on that code.\u003C\u002Fp>\n","Easily create notes\u002Finstructions in the WordPress admin using any widget you like!",600,14841,94,19,"2026-03-10T08:10:00.000Z","6.9.4","3.0",[54,20,21,75,76],"instructions","notes","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdashboard-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-notes.1.0.3.zip",100,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":79,"num_ratings":32,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":105,"download_link":106,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"admin-menu-slide","Admin Menu Slide","1.0","Maciej Krawczyk","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelium-3\u002F","\u003Cp>Admin Menu Slide is a simple plugin that adds a feature to hide admin menu and make it slide when hovering on the edge of the screen. Works exactly like WordPress collapse menu – you can toggle the feature on\u002Foff by clicking a button, which is at the bottom of admin menu. 
When enabled, admin pages have full screen width.\u003C\u002Fp>\n","Adds a feature to hide admin menu and make it slide when hovering on the edge of the screen.",10,2382,"2015-07-30T13:50:00.000Z","4.3.34","3.8",[54,94,20,21,95,96,97,98,99,100,101,102,103,104],"administration","free","javascript","jquery","menu","mobile","navigation","page","performance","plugins","sidebar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-menu-slide","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-menu-slide.1.0.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":88,"downloaded":115,"rating":27,"num_ratings":27,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":122,"download_link":123,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"admin-tag-ui","Admin Tag UI","1.1.4","divspark","https:\u002F\u002Fprofiles.wordpress.org\u002Fdivspark\u002F","\u003Cp>Admin Tag UI improves the tag sections found in the admin backend’s classic editor add and edit post screens. 
There are several changes to the interface.\u003C\u002Fp>\n\u003Ch4>Add, Edit Post Screens\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Shows all tags instead of just the most used – Helpful to see all of the tags instead of having to guess for less commonly used ones.\u003C\u002Fli>\n\u003Cli>Displays the tags in a list on their own lines rather than trying to show them all on the same line.\u003C\u002Fli>\n\u003Cli>Displays the tags in 2 columns (or can be set to 1).\u003C\u002Fli>\n\u003Cli>Increased font size of tags making it easier to read and select.\u003C\u002Fli>\n\u003Cli>Highlights selected tags\u003C\u002Fli>\n\u003Cli>Clicking on tags will no longer jump the screen up to the “Add” tag field.\u003C\u002Fli>\n\u003Cli>Automatically reveals the tags instead of having to click to have them revealed.\u003C\u002Fli>\n\u003Cli>The appearance changes also apply to the tags under the currently selected tags section.\u003C\u002Fli>\n\u003Cli>For selected tags, hovering over the remove (X) icon highlights the entire tag in red. The purpose is to more easily identify which tags are being hovered over.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>There is a settings page allowing several of the changes above to be turned on or off, or altered. This allows a fine tuning of the user interface to fit your needs. 
All of the settings above are enabled by default.\u003C\u002Fp>\n","Improves the tag sections located in the admin backend (WordPress dashboard) classic editor post screens.",2712,"2021-10-26T22:12:00.000Z","5.8.13","5.8",[54,20,21,120,121],"tag","tags","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-tag-ui\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-tag-ui.1.1.4.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":27,"downloaded":132,"rating":27,"num_ratings":27,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":141,"download_link":142,"security_score":143,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"nuxt-panel","Nuxt Panel","1.0.0","technuxt","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechnuxt\u002F","\u003Cp>Nuxt Panel by \u003Ca href=\"https:\u002F\u002Ftechnuxt.com\u002F\" rel=\"nofollow ugc\">TECHNUXT\u003C\u002Fa> is a revolutionary WordPress plugin designed to transform your WordPress dashboard into a sleek, modern workspace. 
Whether you’re a developer, content creator, or business owner, this plugin gives you the power to customize the look and feel of your dashboard with four unique templates, tailored for productivity and aesthetics.\u003C\u002Fp>\n\u003Ch3>Plugin Documentiation:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnuxt-panel\u002F\" rel=\"ugc\">WordPress Description\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftechnuxt.com\u002Fcontact\" rel=\"nofollow ugc\">Need help\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftechnuxt.com\u002Fabout\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>4 Custom Dashboard Templates: Choose from four professionally designed layouts, each offering a distinct style to suit your workflow and preferences.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Intuitive Design: Simplifies the WordPress backend with a clean and user-friendly interface.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Enhanced User Experience: Focus on functionality while enjoying a visually stunning dashboard.\u003C\u002Fli>\n\u003Cli>Seamless Integration: Works with all major WordPress plugins and themes, ensuring a hassle-free experience.\u003C\u002Fli>\n\u003Cli>Lightweight & Fast: Built with performance in mind to keep your dashboard responsive and efficient.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Nuxt Panel?\u003C\u002Fh3>\n\u003Cp>At \u003Ca href=\"https:\u002F\u002Ftechnuxt.com\u002F\" rel=\"nofollow ugc\">TECHNUXT\u003C\u002Fa>, we believe in empowering WordPress users with tools that enhance usability and efficiency. 
Nuxt Panel is crafted to bring a fresh perspective to your WordPress experience, offering not just customization but also a boost in productivity.\u003C\u002Fp>\n\u003Cp>Transform your WordPress dashboard today with Nuxt Panel—where style meets functionality!\u003C\u002Fp>\n","Use Nuxt Panel plugin for Enhanced admin Experience",533,"2024-12-27T19:35:00.000Z","6.7.5","5.7","7.0",[138,139,140],"technuxt-plugins","wordpress-backend-styling","wordpress-dashboard-customization","https:\u002F\u002Ftechnuxt.com\u002Fnuxt-panel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnuxt-panel.1.0.0.zip",92,{"attackSurface":145,"codeSignals":178,"taintFlows":317,"riskAssessment":372,"analyzedAt":380},{"hooks":146,"ajaxHandlers":161,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":177,"unprotectedCount":27},[147,153,157],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","admin_menu","oss_notifications_admin_main_menu_scr","admin_menu\\admin-menu.php",24,{"type":148,"name":154,"callback":155,"file":151,"line":156},"admin_enqueue_scripts","oss_onesignal_sender_src_files",42,{"type":148,"name":158,"callback":159,"file":151,"line":160},"admin_init","oss_settings_page_fields",62,[162,168,170,173],{"action":163,"nopriv":164,"callback":163,"hasNonce":165,"hasCapCheck":164,"file":166,"line":167},"oss_canceling_the_msg",false,true,"admin_menu\\ajax\\canceling-the-msg.php",12,{"action":163,"nopriv":165,"callback":163,"hasNonce":165,"hasCapCheck":164,"file":166,"line":169},13,{"action":171,"nopriv":164,"callback":171,"hasNonce":165,"hasCapCheck":164,"file":172,"line":167},"oss_sending_the_msg","admin_menu\\ajax\\sending-the-msg.php",{"action":171,"nopriv":165,"callback":171,"hasNonce":165,"hasCapCheck":164,"file":172,"line":169},[],[],[],4,{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":27,"externalRequests":14,"nonceChecks":315,"capabilityChecks":27,"bundledLibraries":316},[],{"prepared":27,"raw":27,"location
s":181},[],{"escaped":27,"rawEcho":183,"locations":184},75,[185,188,189,191,192,195,196,198,200,201,203,204,205,207,209,211,213,215,217,219,221,223,226,227,229,231,233,235,236,238,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,270,271,272,274,276,277,279,281,282,284,286,288,290,291,292,294,295,296,297,298,299,300,302,304,306,308,309,311,313],{"file":151,"line":186,"context":187},50,"raw output",{"file":151,"line":143,"context":187},{"file":166,"line":190,"context":187},45,{"file":172,"line":143,"context":187},{"file":193,"line":194,"context":187},"admin_menu\\sections\\all-nots.php",23,{"file":193,"line":152,"context":187},{"file":193,"line":197,"context":187},25,{"file":193,"line":199,"context":187},26,{"file":193,"line":143,"context":187},{"file":193,"line":202,"context":187},96,{"file":193,"line":202,"context":187},{"file":193,"line":202,"context":187},{"file":193,"line":206,"context":187},101,{"file":193,"line":208,"context":187},102,{"file":193,"line":210,"context":187},109,{"file":193,"line":212,"context":187},112,{"file":193,"line":214,"context":187},115,{"file":193,"line":216,"context":187},141,{"file":193,"line":218,"context":187},142,{"file":193,"line":220,"context":187},143,{"file":193,"line":222,"context":187},144,{"file":224,"line":225,"context":187},"admin_menu\\sections\\general_overview.php",18,{"file":224,"line":70,"context":187},{"file":224,"line":228,"context":187},20,{"file":224,"line":230,"context":187},21,{"file":224,"line":232,"context":187},73,{"file":224,"line":234,"context":187},74,{"file":224,"line":183,"context":187},{"file":224,"line":237,"context":187},78,{"file":224,"line":202,"context":187},{"file":224,"line":240,"context":187},97,{"file":224,"line":242,"context":187},103,{"file":224,"line":244,"context":187},108,{"file":224,"line":246,"context":187},128,{"file":224,"line":248,"context":187},153,{"file":224,"line":250,"context":187},165,{"file":224,"line":252,"context":187},168,{"file":224,"line":254,"context":187},17
1,{"file":224,"line":256,"context":187},174,{"file":224,"line":258,"context":187},177,{"file":224,"line":260,"context":187},202,{"file":224,"line":262,"context":187},203,{"file":224,"line":264,"context":187},204,{"file":224,"line":266,"context":187},205,{"file":268,"line":194,"context":187},"admin_menu\\sections\\send-nots.php",{"file":268,"line":152,"context":187},{"file":268,"line":197,"context":187},{"file":268,"line":199,"context":187},{"file":268,"line":273,"context":187},39,{"file":268,"line":275,"context":187},66,{"file":268,"line":275,"context":187},{"file":268,"line":278,"context":187},67,{"file":268,"line":280,"context":187},77,{"file":268,"line":237,"context":187},{"file":268,"line":283,"context":187},79,{"file":268,"line":285,"context":187},80,{"file":287,"line":230,"context":187},"admin_menu\\sections\\sent-nots.php",{"file":287,"line":289,"context":187},22,{"file":287,"line":194,"context":187},{"file":287,"line":152,"context":187},{"file":287,"line":293,"context":187},107,{"file":287,"line":210,"context":187},{"file":287,"line":210,"context":187},{"file":287,"line":210,"context":187},{"file":287,"line":210,"context":187},{"file":287,"line":210,"context":187},{"file":287,"line":212,"context":187},{"file":287,"line":301,"context":187},113,{"file":287,"line":303,"context":187},120,{"file":287,"line":305,"context":187},123,{"file":287,"line":307,"context":187},126,{"file":287,"line":248,"context":187},{"file":287,"line":310,"context":187},154,{"file":287,"line":312,"context":187},155,{"file":287,"line":314,"context":187},156,2,[],[318,345,356,364],{"entryPoint":319,"graph":320,"unsanitizedCount":27,"severity":344},"oss_canceling_the_msg (admin_menu\\ajax\\canceling-the-msg.php:15)",{"nodes":321,"edges":341},[322,327,333,337],{"id":323,"type":324,"label":325,"file":166,"line":326},"n0","source","$_REQUEST",27,{"id":328,"type":329,"label":330,"file":166,"line":331,"wp_function":332},"n1","sink","wp_remote_post() 
[SSRF]",29,"wp_remote_post",{"id":334,"type":324,"label":335,"file":166,"line":336},"n2","$_SERVER['HTTP_REFERER']",47,{"id":338,"type":329,"label":339,"file":166,"line":336,"wp_function":340},"n3","header() [Header Injection]","header",[342,343],{"from":323,"to":328,"sanitized":165},{"from":334,"to":338,"sanitized":165},"low",{"entryPoint":346,"graph":347,"unsanitizedCount":27,"severity":344},"\u003Ccanceling-the-msg> (admin_menu\\ajax\\canceling-the-msg.php:0)",{"nodes":348,"edges":353},[349,350,351,352],{"id":323,"type":324,"label":325,"file":166,"line":326},{"id":328,"type":329,"label":330,"file":166,"line":331,"wp_function":332},{"id":334,"type":324,"label":335,"file":166,"line":336},{"id":338,"type":329,"label":339,"file":166,"line":336,"wp_function":340},[354,355],{"from":323,"to":328,"sanitized":165},{"from":334,"to":338,"sanitized":165},{"entryPoint":357,"graph":358,"unsanitizedCount":27,"severity":344},"oss_sending_the_msg (admin_menu\\ajax\\sending-the-msg.php:15)",{"nodes":359,"edges":362},[360,361],{"id":323,"type":324,"label":335,"file":172,"line":69},{"id":328,"type":329,"label":339,"file":172,"line":69,"wp_function":340},[363],{"from":323,"to":328,"sanitized":165},{"entryPoint":365,"graph":366,"unsanitizedCount":27,"severity":344},"\u003Csending-the-msg> (admin_menu\\ajax\\sending-the-msg.php:0)",{"nodes":367,"edges":370},[368,369],{"id":323,"type":324,"label":335,"file":172,"line":69},{"id":328,"type":329,"label":339,"file":172,"line":69,"wp_function":340},[371],{"from":323,"to":328,"sanitized":165},{"summary":373,"deductions":374},"The onesignal-sender v1.4 plugin exhibits a mixed security posture.  On the positive side, it demonstrates good practices by having no known CVEs, no critical or high severity taint flows, and all SQL queries are properly prepared.  
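The attack surface is relatively small, with only four AJAX handler registrations, and none of them is flagged as unprotected. That flag should not be read as proof of authentication, however: two of the four registrations are nopriv (reachable without logging in), all four rely on a nonce alone, and no capability checks were detected anywhere in the plugin. A nonce guards against request forgery, not against a caller who lacks the required privilege, so both handlers should also verify the caller's capability with current_user_can(), and the nopriv registrations should be dropped unless unauthenticated access is intended.  The absence of shortcodes, cron events, and REST API routes further limits potential attack vectors.\n\nHowever, a significant concern arises from the complete lack of output escaping for all identified outputs (75 total). This represents a critical weakness, as it leaves the plugin exposed to Cross-Site Scripting (XSS) wherever one of those outputs carries data an attacker can influence. The count alone does not show which outputs do; each echo site needs to be reviewed and wrapped in the escaping function that matches its context (esc_html(), esc_attr(), esc_url()). Any user-supplied data that is displayed by the plugin without proper escaping could be manipulated by an attacker to inject malicious scripts, potentially leading to session hijacking, credential theft, or defacement. The presence of 6 external HTTP requests also warrants attention, as these could be a vector for other types of attacks if not handled securely, although the static analysis did not reveal specific issues here.\n\nThe vulnerability history shows no recorded issues, which may indicate a well-maintained plugin, or simply one that has not been extensively targeted or audited; the last recorded update (2019-05-27) makes the latter the safer assumption. Nevertheless, the lack of output escaping is a severe and fundamental security oversight that overshadows the otherwise positive aspects.  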
The plugin needs immediate attention to address the output escaping deficiency to mitigate significant XSS risks.",[375,378],{"reason":376,"points":377},"0% output escaping",15,{"reason":379,"points":315},"External HTTP requests present (6)","2026-03-16T19:46:27.077Z",{"wat":382,"direct":395},{"assetPaths":383,"generatorPatterns":388,"scriptPaths":389,"versionParams":390},[384,385,386,387],"\u002Fwp-content\u002Fplugins\u002Fonesignal-sender\u002Fjs\u002FIntimidatetime-master\u002Fdist\u002FIntimidatetime.min.css","\u002Fwp-content\u002Fplugins\u002Fonesignal-sender\u002Fjs\u002FIntimidatetime-master\u002Fdist\u002FIntimidatetime.min.js","\u002Fwp-content\u002Fplugins\u002Fonesignal-sender\u002Fjs\u002Fmoment\u002Fmoment.js","\u002Fwp-content\u002Fplugins\u002Fonesignal-sender\u002Fjs\u002Fmoment\u002Fmoment-timezone-with-data.js",[],[385,386,387],[391,392,393,394],"onesignal-sender\u002Fjs\u002FIntimidatetime-master\u002Fdist\u002FIntimidatetime.min.css?ver=","onesignal-sender\u002Fjs\u002FIntimidatetime-master\u002Fdist\u002FIntimidatetime.min.js?ver=","onesignal-sender\u002Fjs\u002Fmoment\u002Fmoment.js?ver=","onesignal-sender\u002Fjs\u002Fmoment\u002Fmoment-timezone-with-data.js?ver=",{"cssClasses":396,"htmlComments":405,"htmlAttributes":406,"restEndpoints":409,"jsGlobals":410,"shortcodeOutput":411},[397,398,399,400,401,402,403,404],"oss_plugin_options","oss_settings_page","elt","error_notice","todo_list","the_right_path","settings_form","notice_hr",[],[407,408],"name=\"oss_settings_page\"","value=\"\u003C?php echo get_option('oss_settings_page'); ?>\"",[],[],[]]